Ming Ding | Information Security and Privacy Group | Data61, CSIRO

Privacy legislation and regulations
• The United States of America (USA)
➢ 1970 - Fair Credit Reporting Act (FCRA): The Act protects information collected by consumer
reporting agencies such as credit bureaus, medical information companies and tenant
screening services. Information in a consumer report cannot be provided to anyone who does not
have a purpose specified in the Act. [Access control methods]
(https://www.ftc.gov/enforcement/statutes/fair-credit-reporting-act)
➢ 1996 - Health Insurance Portability & Accountability Act (HIPAA): A federal law that required the
creation of national standards to protect sensitive patient health information from being disclosed
without the patient’s consent or knowledge. The Privacy Rule permits important uses of
information while protecting the privacy of people who seek care and healing. [A stronger access
control mechanism based on explicit user consent]
(https://www.cdc.gov/phlp/publications/topic/hipaa.html)